Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Banned 1300+ IPs so far. WTF is up with the brute for attack on user "chamrone"

Skip to first unread message

May 17, 2019, 9:31:51 AM5/17/19
My server had never had a user named chamrone. It's doesn't look significant and it's not an admin account I'm aware of, but someone/something has been trying to brute force the password for over a month now by attempting an IMAP login.

They try 1 password from 1 IP address, then never use that IP again, or use it maybe once more. I ban each IP after the first try, however I'm just really confused by this.

The IPs are from all over the world, although few/none from the US, where I'm located.

Someone with a large botnet is spending time trying to guess the password for a nonexistent user.

Does anybody have any ideas what the purpose for this is?

It's not a security risk (AFAIK) because there is no user, but it's so persistent that I'm starting to think that something is going on that I'm just not aware of.

Anybody have any thoughts/ideas?
0 new messages